Restaurant’s Payment Malware Incident Spans Seven States

The company known as CM Ebar LLC, which is the parent operation of the 29-unit Elephant Bar restaurant chain, said Tuesday (Dec. 8) that customers who used credit cards to pay for their purchases between August and December of this year may have been the victims of a data breach.

The potential security flaw came through malware that had been placed on the company's payment systems; that malware was discovered Nov. 3, the company said, as reported by Nation's Restaurant News.

The Elephant Bar was acquired by Chalak Mitra Group, the owner of CM Ebar LLC. The acquisition took place in 2014, bringing Elephant Bar out of bankruptcy proceedings.

An unnamed representative told Nation’s Restaurant News that the possible breach touched 20 locations in California, with single-digit locations compromised in Arizona and Colorado and a single location in each of the remaining states in which the restaurant operates.

In its statement, the casual dining company said: “We believe the malware could have compromised payment card data — including name, payment card account number, card expiration date and verification code — of customers who used a payment card at the affected locations.” The hack did not include other types of data, such as Social Security numbers or addresses, according to Elephant Bar. But customers are, not surprisingly, urged to remain vigilant when viewing debit and credit card statements, with an eye cast toward unusual activity showing up on statements.



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.